The FTC Won’t Let Them Be: Enforcement Action Brought Against App Developers for Violation of Children’s Privacy Law Presents New Challenges for Advertisers

In a recent show of force—which some believe is the tip of the iceberg—the Federal Trade Commission (FTC) brought an enforcement action against two mobile application (app) developers for violating the Children’s Online Privacy Protection Act (COPPA) and, by extension, the Federal Trade Commission Act (FTCA). Seeking to avoid a drawn out dispute with the FTC, both app developers settled their respective charges, reportedly for a combined $360,000. What makes these cases particularly relevant for our readers are the FTC’s allegations about the relationship of the app developers to the advertising networks and its implications for advertisers and the advertising industry. For an analysis of these allegations, and how the FTC may focus its efforts in this space going forward, read below.

COPPA prohibits online services, including smart phone apps, from collecting personal information from and of children (under the age of 13) without parental consent, among other things. Federal rules developed by the FTC pursuant to COPPA’s mandate recently incorporated the term ‘persistent identifiers’ to the categories of data it considers personal information. As the FTC explains, these are “pieces of data that are tied to a particular user or device”.

The defendants, LAI Systems, LLC and Retro Dreamer, each app developers turning a profit from in-app advertising revenue, fall squarely within COPPA’s purview. As the FTC stated in its complaints against them, because of the nature and content of each of these apps, they target children. Consequently, minor-users’ personal information in the form of persistent identifiers was unlawfully collected by third party advertising networks.

The ad networks that collected these persistent identifiers from app users under the age of 13 used this information to “serve” targeted advertising based on user activity. According to the FTC’s complaint, there was neither notice to these underage users, nor consent from children’s parents about the data collected. The FTC therefore charged both app developers with violating COPPA. The app developers chose to settle their respective charges quickly, as noted above.

The FTC’s focus on protecting children’s online privacy presents increasing challenges for the advertising industry. Although in this case, the FTC’s ire was directed at the app developers for allowing ad networks to collect children’s personal information, it is certainly within the realm of possibility that such enforcement actions could be brought against ad networks for actually collecting the data, especially if the nature and content of the app would make it reasonable to know such data derived from children under the age of 13 or the FTC could prove actual knowledge. With programmatic commanding how digital advertising is purchased and sold, it is often difficult for advertisers to fully vet publishers’ and ad networks’ compliance with applicable law. Although no substitute for proper and rigorous compliance, it is important that advertisers, advertising agencies, media buying companies, app developers advertising networks and publishers carefully turn their attention to the contractual obligations, representations, warranties and indemnification provisions that define the relationships and respective liabilities between and amongst them.